PROOF OF HUMAN WORK — DEVELOPER DOCUMENTATION

API reference, integration guides, and best practices

QUICK START

  1. Generate a keypair
  2. Canonicalize your content
  3. Hash the content
  4. Sign the hash
  5. Submit to registry
  6. Verify attestation

HOW TO SIGN A FILE

Step 1: Canonicalize Content

Normalize your file to a consistent format:

  • Remove trailing whitespace
  • Normalize line endings (LF)
  • Sort if structured data (JSON keys sorted)

Step 2: Hash the Content

$ openssl dgst -sha256 file.txt
> SHA256(file.txt)= 0x...

Step 3: Sign the Hash

$ echo "0x..." | openssl dgst -sha256 -sign private.pem > signature.bin

Step 4: Submit to Registry

POST /pohw/attest
{
  "hash": "0x...",
  "signature": "<base64>",
  "did": "did:pohw:your-did"
}

HOW TO VERIFY A FILE

Step 1: Re-hash the Content

$ openssl dgst -sha256 file.txt
> SHA256(file.txt)= 0x...

Step 2: Fetch Signature

GET /pohw/verify/{hash}

Step 3: Verify Signature

$ openssl dgst -sha256 -verify public.pem -signature signature.bin hash.txt

Step 4: Check Merkle Proof

Verify inclusion in Merkle tree and chain anchors.

API ENDPOINTS

POST /pohw/attest

Submit a new attestation

Body: {hash, signature, did, timestamp}

Response: {receipt_hash, merkle_root}

GET /pohw/verify/{hash}

Verify an attestation

Response: {valid, signer, timestamp, merkle_proof}

GET /pohw/status

Registry node status

Response: {status, latest_root, anchored_at}

GET /pohw/proof/{hash}

Get Merkle proof for hash

Response: {proof, root, anchors}

SDKs FOR JAVASCRIPT/PYTHON/CLI

JavaScript SDK:

npm install @pohw/sdk

import { PoHW } from '@pohw/sdk';
const pohw = new PoHW({registry: 'https://proofofhumanwork.org'});
const receipt = await pohw.attest(content, privateKey);
const verification = await pohw.verify(content);

Python SDK:

pip install pohw-sdk

from pohw import PoHW
pohw = PoHW(registry='https://proofofhumanwork.org')
receipt = pohw.attest(content, private_key)
verification = pohw.verify(content)

CLI Tool:

pohw attest file.txt --key private.pem
pohw verify file.txt
pohw status

VERIFICATION CLIENT INTEGRATION

Integration Pattern:

  1. User uploads file to your service
  2. Canonicalize and hash file
  3. Query registry: GET /pohw/verify/{hash}
  4. If found, verify signature
  5. Check Merkle proof and chain anchors
  6. Display verification status

Example (JavaScript):

async function verifyFile(file) {
  const hash = await sha256(file);
  const response = await fetch(`https://gdn.sh/pohw/verify/${hash}`);
  const data = await response.json();
  
  if (data.valid) {
    // Verify signature cryptographically
    // Check Merkle proof
    // Display verified status
  }
}

ZERO-KNOWLEDGE FOOTPRINT

PoHW reveals:

  • Content hash (not content itself)
  • Signature validity
  • Signer DID (not identity)
  • Timestamp
  • Merkle proof

PoHW does NOT reveal:

  • Original content
  • Private keys
  • Identity information
  • Location data
  • Metadata beyond protocol needs

HOW TO GENERATE PROCESS DIGESTS

For code/content that changes:

  1. Capture snapshot at commit/publish time
  2. Canonicalize entire snapshot
  3. Hash snapshot
  4. Sign hash
  5. Attest snapshot hash

For continuous content:

  1. Define canonicalization rules
  2. Hash at intervals
  3. Chain hashes (hash[i] includes hash[i-1])
  4. Attest chain root

ATTESTATION FORMAT

Canonical JSON Format (for signing):

{
  "hash": "0x361132bb73b257cb8fcb0001d2328005f6b33b6ac5359f2394bc01c7571cc646",
  "did": "did:pohw:gdn.sh",
  "timestamp": "2025-11-25T00:00:00Z",
  "registry": "proofofhumanwork.org",
  "protocol": "Proof of Human Work",
  "version": "1.0.0"
}

Signature: Ed25519 signature of canonical JSON

Format: Binary or Base64-encoded

REGISTRY NODE OPERATION

Running a Registry Node:

  1. Setup server with API endpoints
  2. Initialize Merkle tree state
  3. Accept attestation submissions
  4. Batch into Merkle trees
  5. Anchor roots to chains periodically
  6. Sync with other registry nodes
  7. Provide verification endpoints

Requirements:

  • Persistent storage for Merkle tree
  • Chain integration (Bitcoin, Ethereum, etc.)
  • Rate limiting
  • CORS configuration
  • Public key endpoint

BEST PRACTICES

  1. Always canonicalize before hashing
  2. Store private keys securely (HSM recommended)
  3. Verify signatures before trusting
  4. Check Merkle proofs and chain anchors
  5. Use rate limiting to prevent automation
  6. Preserve privacy—don't leak identity
  7. Monitor registry node status
  8. Keep SDKs updated

TROUBLESHOOTING

Signature Verification Fails:

  • Check canonicalization matches
  • Verify public key matches private key
  • Ensure signature format is correct

Attestation Not Found:

  • Check hash matches exactly
  • Verify registry node is operational
  • Check timestamp is within validity window

Merkle Proof Invalid:

  • Verify proof path is correct
  • Check Merkle root matches chain anchor
  • Ensure registry node is synced